Weekly Vulnerabilities Reports > September 12 to 18, 2011
Overview
81 new vulnerabilities were reported during this period, including 38 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary reports vulnerabilities in 72 products from 43 vendors including Microsoft, Adobe, Cogentdatahub, Measuresoft, and Progea. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", "Path Traversal", and "Improper Input Validation".
- 78 reported vulnerabilities are remotely exploitable.
- 18 reported vulnerabilities have a public exploit available.
- 25 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 77 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 16 reported vulnerabilities.
- Adobe has the most reported critical vulnerabilities, with 12 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
38 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-16 | CVE-2011-3499 | Progea | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Progea Movicon Powerhmi 11/11.0.1017 Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location. | 10.0 |
2011-09-16 | CVE-2011-3498 | Progea | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Progea Movicon Powerhmi 11/11.0.1017 Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request. | 10.0 |
2011-09-16 | CVE-2011-3497 | Measuresoft | Information Exposure vulnerability in Measuresoft Scadapro service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method. | 10.0 |
2011-09-16 | CVE-2011-3496 | Measuresoft | Improper Input Validation vulnerability in Measuresoft Scadapro service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. | 10.0 |
2011-09-16 | CVE-2011-3495 | Measuresoft | Path Traversal vulnerability in Measuresoft Scadapro Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command. | 10.0 |
2011-09-16 | CVE-2011-3494 | Interactivedata | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Interactivedata Esignal 10.6/10.6.2425 WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. | 10.0 |
2011-09-16 | CVE-2011-3493 | Cogentdatahub | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cogentdatahub Cogent Datahub Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands. | 10.0 |
2011-09-16 | CVE-2011-3492 | Azeotech | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Azeotech Daqfactory Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034. | 10.0 |
2011-09-16 | CVE-2011-3491 | Progea | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Progea Movicon Powerhmi 11/11.0.1017 Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative Content-Length field. | 10.0 |
2011-09-16 | CVE-2011-3490 | Measuresoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Measuresoft Scadapro Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command. | 10.0 |
2011-09-16 | CVE-2011-3488 | Equis | Resource Management Errors vulnerability in Equis Metastock Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout. | 10.0 |
2011-09-15 | CVE-2011-3322 | Scadatec | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Scadatec Procyon Scada 1.06/1.13 Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/23) port, which triggers an out-of-bounds read or write, leading to a stack-based buffer overflow. | 10.0 |
2011-09-14 | CVE-2011-2595 | Acdsee | Buffer Errors vulnerability in Acdsee Fotoslate 4.0 Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file. | 10.0 |
2011-09-12 | CVE-2011-3421 | Google Acer Samsung | Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | 10.0 |
2011-09-12 | CVE-2011-3420 | Google Acer Samsung | Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | 10.0 |
2011-09-16 | CVE-2011-3503 | Interactivedata | Unspecified vulnerability in Interactivedata Esignal 10.6.2425.1208 Untrusted search path vulnerability in eSignal 10.6.2425.1208, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse JRS_UT.dll that is located in the same folder as a .quo (QUOTE) file. | 9.3 |
2011-09-16 | CVE-2011-3321 | Siemens | Buffer Errors vulnerability in Siemens products Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted packet to TCP port 2308. | 9.3 |
2011-09-16 | CVE-2011-3211 | Bcfg2 | Improper Input Validation vulnerability in Bcfg2 The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client. | 9.3 |
2011-09-15 | CVE-2011-2442 | Adobe | Improper Input Validation vulnerability in Adobe Acrobat and Acrobat Reader Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability." | 9.3 |
2011-09-15 | CVE-2011-2441 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2011-09-15 | CVE-2011-2440 | Adobe | Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2011-09-15 | CVE-2011-2439 | Adobe | Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability." | 9.3 |
2011-09-15 | CVE-2011-2438 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Multiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2011-09-15 | CVE-2011-2437 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434. | 9.3 |
2011-09-15 | CVE-2011-2436 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Heap-based buffer overflow in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2011-09-15 | CVE-2011-2435 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2011-09-15 | CVE-2011-2434 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437. | 9.3 |
2011-09-15 | CVE-2011-2433 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437. | 9.3 |
2011-09-15 | CVE-2011-2432 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2011-09-15 | CVE-2011-2431 | Adobe | Permissions, Privileges, and Access Controls vulnerability in Adobe Acrobat and Acrobat Reader Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability." | 9.3 |
2011-09-15 | CVE-2011-1991 | Microsoft | Unspecified vulnerability in Microsoft products Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/MS11-071 Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' | 9.3 |
2011-09-15 | CVE-2011-1990 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability." | 9.3 |
2011-09-15 | CVE-2011-1989 | Microsoft | Improper Input Validation vulnerability in Microsoft products Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability." | 9.3 |
2011-09-15 | CVE-2011-1988 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Heap Corruption Vulnerability." | 9.3 |
2011-09-15 | CVE-2011-1987 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability." | 9.3 |
2011-09-15 | CVE-2011-1986 | Microsoft | Resource Management Errors vulnerability in Microsoft Excel 2003 Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability." | 9.3 |
2011-09-15 | CVE-2011-1982 | Microsoft | Improper Input Validation vulnerability in Microsoft Office 2007/2010 Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability." | 9.3 |
2011-09-15 | CVE-2011-1980 | Microsoft | DLL Loading Arbitrary Code Execution vulnerability in Microsoft Office Shared Component Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/MS11-073 Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' | 9.3 |
9 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-15 | CVE-2011-3394 | Myrephp | SQL Injection vulnerability in Myrephp Myre Real Estate Software SQL injection vulnerability in findagent.php in MYRE Real Estate Software allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
2011-09-15 | CVE-2011-2671 | 9 Dotpp NET | Authentication Security Bypass vulnerability in Megalith 12/27 Unspecified vulnerability in Megalith 12th edition through 27th edition allows remote attackers to gain administrative privileges via unknown vectors. | 7.5 |
2011-09-14 | CVE-2011-3208 | CMU | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in CMU Cyrus Imap Server Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. | 7.5 |
2011-09-14 | CVE-2010-4839 | Edgetechweb Wordpress | SQL Injection vulnerability in Edgetechweb Event Registration SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action. | 7.5 |
2011-09-12 | CVE-2009-5094 | Cmsfaethon | SQL Injection vulnerability in Cmsfaethon CMS Faethon 2.2.0 SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter. | 7.5 |
2011-09-12 | CVE-2009-5091 | Vlinks | SQL Injection vulnerability in Vlinks 1.0.3/1.1.6 SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2011-09-12 | CVE-2009-5088 | Ideacart | SQL Injection vulnerability in Ideacart 0.02 SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter. | 7.5 |
2011-09-15 | CVE-2011-1984 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability." | 7.2 |
2011-09-13 | CVE-2009-5097 | HP | Code Injection vulnerability in HP Palm PRE Webos 1.0.2/1.0.3/1.0.4 Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3. | 7.1 |
33 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-15 | CVE-2011-1353 | Adobe Microsoft | Local Privilege Escalation vulnerability in Adobe Acrobat and Reader Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors. | 6.9 |
2011-09-12 | CVE-2009-5095 | EA Style | Code Injection vulnerability in Ea-Style Gbook 0.1/0.1.4 PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter. | 6.8 |
2011-09-12 | CVE-2009-5090 | Daman371 | SQL Injection vulnerability in Daman371 Bloggeruniverse SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors. | 6.8 |
2011-09-14 | CVE-2010-4834 | Oneorzero | SQL Injection vulnerability in Oneorzero Aims 2.6.0/2.7.0 Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. | 6.5 |
2011-09-14 | CVE-2010-4838 | Extensiondepot Joomla | SQL Injection vulnerability in Extensiondepot COM Jsupport 1.5.6 SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php. | 6.0 |
2011-09-13 | CVE-2009-5098 | HP | Resource Management Errors vulnerability in HP Palm PRE Webos 1.0.2/1.0.3/1.0.4 The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception. | 5.4 |
2011-09-16 | CVE-2011-3502 | Cogentdatahub | Information Exposure vulnerability in Cogentdatahub Cogent Datahub The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot). | 5.0 |
2011-09-16 | CVE-2011-3501 | Cogentdatahub | Numeric Errors vulnerability in Cogentdatahub Cogent Datahub Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value. | 5.0 |
2011-09-16 | CVE-2011-3500 | Cogentdatahub | Path Traversal vulnerability in Cogentdatahub Cogent Datahub Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request. | 5.0 |
2011-09-16 | CVE-2011-3489 | Rockwellautomation | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rockwellautomation Rslogix RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted rna packet with a long string to TCP port 4446 that triggers (1) "a memset zero overflow" or (2) an out-of-bounds read, related to improper handling of a 32-bit size field. | 5.0 |
2011-09-16 | CVE-2011-3487 | Carel | Path Traversal vulnerability in Carel Plantvisor Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2011-09-16 | CVE-2011-3486 | Beckhoff | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Beckhoff Twincat Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read. | 5.0 |
2011-09-14 | CVE-2011-2581 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Nexus 5000 and Nx-Os The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490. | 5.0 |
2011-09-13 | CVE-2009-5101 | Pentaho | Information Exposure vulnerability in Pentaho BI Server 1.2.0/1.6.0 Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic. | 5.0 |
2011-09-12 | CVE-2009-5093 | Php4Scripte | Path Traversal vulnerability in PHP4Scripte Gastebuch 1.6 Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. | 5.0 |
2011-09-12 | CVE-2009-5087 | Geovision | Path Traversal vulnerability in Geovision Digital Surveillance System 8.2 Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. | 5.0 |
2011-09-15 | CVE-2011-3393 | Myrephp | Cross-Site Scripting vulnerability in Myrephp Myre Real Estate Software Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1 parameter. | 4.3 |
2011-09-15 | CVE-2011-1893 | Microsoft | Cross-Site Scripting vulnerability in Microsoft products Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability." | 4.3 |
2011-09-15 | CVE-2011-1891 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Services Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability." | 4.3 |
2011-09-15 | CVE-2011-1890 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability." | 4.3 |
2011-09-15 | CVE-2011-0653 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability." | 4.3 |
2011-09-14 | CVE-2011-3481 | CMU | Unspecified vulnerability in CMU Cyrus Imap Server The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. | 4.3 |
2011-09-14 | CVE-2011-2201 | Mark Stosberg Perl | Permissions, Privileges, and Access Controls vulnerability in Mark Stosberg Data::Formvalidator The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input. | 4.3 |
2011-09-14 | CVE-2010-4837 | Extensiondepot Joomla | Cross-Site Scripting vulnerability in Extensiondepot COM Jsupport 1.5.6 Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. | 4.3 |
2011-09-14 | CVE-2010-4836 | Phpshop | Cross-Site Scripting vulnerability in PHPshop Cross-site scripting (XSS) vulnerability in register.html in PHPShop 2.1 EE and earlier allows remote attackers to inject arbitrary web script or HTML via the name_new parameter. | 4.3 |
2011-09-13 | CVE-2009-5099 | Pentaho | Cross-Site Scripting vulnerability in Pentaho BI Server 1.2.0/1.6.0 Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter. | 4.3 |
2011-09-13 | CVE-2009-5096 | Khalid Baheyeldin Drupal | Cross-Site Scripting vulnerability in Khalid Baheyeldin Flag Content Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter. | 4.3 |
2011-09-12 | CVE-2010-4340 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Libcloud libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. | 4.3 |
2011-09-12 | CVE-2011-3422 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari. | 4.3 |
2011-09-12 | CVE-2009-5092 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Fast ESP 5.0.9 Cross-site scripting (XSS) vulnerability in the management interface in Microsoft FAST ESP 5.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-09-12 | CVE-2009-5089 | Ideacart | Path Traversal vulnerability in Ideacart 0.02/0.02A Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a .. | 4.3 |
2011-09-15 | CVE-2011-1892 | Microsoft | Information Exposure vulnerability in Microsoft products Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability." | 4.0 |
2011-09-14 | CVE-2010-4835 | Oneorzero | Path Traversal vulnerability in Oneorzero Aims 2.6.0 Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action. | 4.0 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-13 | CVE-2009-5100 | Pentaho | Information Exposure vulnerability in Pentaho BI Server 1.2.0/1.6.0 Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password. | 2.1 |